[rescue] Can someone do me a favor (fast 'net, CD-burner)

Joshua Boyd jdboyd at ohno.mrbill.net
Sat Dec 20 18:07:57 CST 2003


On Tue, Nov 18, 2003 at 12:06:25PM -0500, Sheldon T. Hall wrote:

> By "directly connected" you mean with no separate firewall, right?  I don't
> think I'd do that with anything, actually, if I could help it.  I say that
> mainly because I'm a lot more confident of my ability to configure a
> firewall than to secure a machine running a real OS.
> 
> If, on the other hand, having my un-patched, un-secured Unix boxes behind my
> ISDN router-firewall means they are "directly connected," well, I'm in a
> world of hurt.  The Solaris box is running unpatched 7, open-relay sendmail
> and all.  I've made no attempts to secure the IRIX boxes, either....
> 
> However, the stuff's been up for a couple of years, and, while the haxorz
> hammer the firewall, I've never seen any indication that they have gotten a
> single bit through it.  Of course, if they were _good_ at what they were
> doing, I wouldn't see any evidence, I guess.

Directly connected to me means that any port of the machine is somehow
directly exposed.  If the machine is behind a NAT, and the NAT isn't
configured to forward ports to that machine, I consider it safe,
otherwise I don't.  Maybe I'm paranoid or naive here, but that's my
view. 

Actually, for that matter, I wouldn't really want to connect anything
other than NetBSD, OpenBSD, or Solaris, but that's largely to do with my
familiarity with tightening them down and running them minimally.
Although I have in the past forwarded just SSH through to Linux
machines.  IRIX just doesn't inspire confidence in me in this area.


